Nineteen individuals charged for participating in illicit marketplace xDedic


With administrators from Moldova and Ukraine, sellers from Russia, buyers from Nigeria, and victims from the US, the dark web forum xDedic Marketplace was a sophisticated international crime network. Now, 19 individuals from around the world have been charged, and some are waiting to be extradited to the US.

xDedic is a now-defunct marketplace for compromised servers, credentials, compromised data, crimeware, and other products. International authorities seized the domain and raided the sites in January 2019, effectively ending its operation.

US Attorney Roger B. Handberg announced the culmination of a transnational cybercrime investigation with charges for individuals at every level of the website’s operation, including its administrators, server sellers, and buyers.

To date, 17 defendants have been charged and/or extradited to the US. Many of them are foreign nationals from countries that do not extradite their citizens, requiring the US to locate and extradite subjects from countries that do. The longest term of imprisonment is 78 months.

In addition, two other individuals, who were identified as buyers on xDedic Marketplace, have been charged with conspiracy to commit wire fraud and aggravated identity theft. They are pending extradition from the United Kingdom.

Cybernews reported last year that four Nigerian nationals from the crime ring were arrested and faced charges.

What was xDedic?

According to court documents, criminals used xDedic Marketplace to illegally acquire login credentials (usernames and passwords) to servers located across the world and personally identifiable information – dates of birth and Social Security numbers – of US residents. Tax fraud and ransomware attacks followed the purchases.

In total, investigators found that xDedic offered more than 700,000 compromised servers for sale, including at least 150,000 in the US and at least 8,000 in Florida.

Marketplace victims spanned the globe and a wide range of industries, including local, state, and federal government infrastructure, hospitals, 911 and emergency services, call centers, major metropolitan transit authorities, accounting and law firms, pension funds, and universities. The administrators strategically maintained servers all over the world to facilitate the operation of the website.

“The xDedic administrators practiced exceptional operational security, operating the website across a widely distributed international network, and utilizing cryptocurrency in order to hide the locations of the Marketplace’s underlying servers and the identities of its administrators, sellers, and buyers,” the US Attorney’s Office said in a press release.

The international operation to dismantle and seize xDedic’s infrastructure included law enforcement authorities in Belgium and Ukraine, the European law enforcement agency Europol, the National High Tech Crime Unit from the Dutch National Police, and the German Bundeskriminalamt.

Who were the actors?

Marketplace administrators Alexandru Habasescu and Pavlo Kharmanskyi were sentenced to 41 and 30 months' imprisonment, respectively. Residing in Chisinau, Moldova, Habasescu was the lead developer and technical mastermind, while Kharmanskyi, from Kyiv, Ukraine, advertised for the website, paid administrators, and provided customer support to buyers, the press release explains.

Habasescu was taken into custody in the Spanish Canary Islands in 2022 and extradited to the US, while Kharmanskyi was arrested at the Miami International Airport in 2019 as he attempted to enter the US.

Marketplace seller Dariy Pankov, a Russian national, was subsequently sentenced to 60 months in federal prison. He was one of the highest-volume sellers on xDedic, listing for sale the credentials of more than 35,000 compromised servers worldwide and obtaining more than $350,000 in illicit proceeds. He developed powerful malware named NLBrute that was capable of compromising protected computers by decrypting login credentials. Pankov was taken into custody in the Republic of Georgia in 2022 and extradited to the US.

Nigerian national Allen Levinson was a prolific buyer on the Marketplace who received a sentence of 78 months in federal prison. Levinson held particular interest in purchasing access to US-based Certified Public Accounting firms. He then used the information to file hundreds of false tax returns with the United States government, requesting more than $60 million in fraudulent tax refunds. Levinson was taken into custody in the UK in 2020 and extradited to the US.

Eleven defendants received sentences of at least 12 months in prison, one was sentenced to 5 years' probation, and five conspirators are still awaiting sentencing.

Two xDedic buyers who are waiting to be extradited from the UK face a maximum penalty of 20 years in federal prison if convicted.
